Overview

overview

10

Static

static

Proof of Payment.exe

windows7_x64

10

Proof of Payment.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Proof of Payment.exe

  • Size

    1.4MB

  • Sample

    210119-zcpa6b1l82

  • MD5

    630c736f4a8124225065b21a153b889d

  • SHA1

    c84d8e6cd5218bdc77b5511a7b38cd94c02fa463

  • SHA256

    ef9e50bbc71c2f7c213f49e413cebab25733d52f82f2197ab256471ecb3db3bf

  • SHA512

    97f4b9f5d5721f8410fb57b2a97f706cef64ad2e9c10a54918dde5a8842c56a59c1cfe1b2aec2d5c889f71612d32045b8c563828eb2d3f3da9284a82227edaa3

Score
10/10
netwirebotnetratstealer

Malware Config

Targets

    • Target

      Proof of Payment.exe

    • Size

      1.4MB

    • MD5

      630c736f4a8124225065b21a153b889d

    • SHA1

      c84d8e6cd5218bdc77b5511a7b38cd94c02fa463

    • SHA256

      ef9e50bbc71c2f7c213f49e413cebab25733d52f82f2197ab256471ecb3db3bf

    • SHA512

      97f4b9f5d5721f8410fb57b2a97f706cef64ad2e9c10a54918dde5a8842c56a59c1cfe1b2aec2d5c889f71612d32045b8c563828eb2d3f3da9284a82227edaa3

    Score
    10/10
    netwirebotnetratstealer

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks